forked from unicode-org/text-rendering-tests
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMORX-24.html
34 lines (30 loc) · 1.22 KB
/
MORX-24.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?xml version="1.0" encoding="UTF-8"?>
<html xmlns:ft="https://github.com/OpenType/fonttest"
xmlns:xlink="http://www.w3.org/1999/xlink">
<body>
<h3 id="MORX-24">MORX-24: Contextual Glyph Subsitution Forever</h3>
<div class="desc">
The <a href="../fonts/TestMORXTwentyfour.ttf">font</a> for this
test case attempts to run a denial-of-service attack on the
rendering engine under test. The font’s finite-state transducer
substitutes glyph <em>A</em> by <em>B</em>, <em>B</em> by <em>C</em>,
<em>C</em> by <em>D</em>, <em>D</em> by <em>E</em>,
and <em>E</em> by <em>A</em>. These transitions are all marked with
the <em>DontAdvance</em> flag, so the machine never makes progress.
</div>
<div class="desc">
If your rendering system is immune to this attack, it will detect
getting stuck (for example, by imposing an upper limit on the number
of transitions taken by the finite-state machine), and give up quickly.
See <a href="https://github.com/foliojs/fontkit/issues/175">fontkit
bug 175</a>.
</div>
<table>
<tr>
<th class="conformance-header">Conformance</th>
<td class="should-not-crash" ft:id="MORX-24/1" ft:render="ABCDE"
ft:font="TestMORXTwentyfour.ttf"/>
</tr>
</table>
</body>
</html>